I have an AKS cluster (with AGIC) and a couple of the pods need to send email out. Since the email is coming from the pod what is the best way to get it to work with an SMTP Relay server that needs a whitelisted source IP? I am unsure if the ip address as seen by the SMTP server would be the pod IP, the node IP or the App Gateway IP. I assume it will be one of either pod IP or node IP. Both can change easily when pods get recreated, app is redeployed, with nodepool scaling, etc. Is there some way to handle this dynamic behavior?
Add: I noticed there is an StaticEgressGatewayPreview feature. But we are using Azure CNI Pod subnet. So I don't think that is an option
When using the Pod subnet feature, the source IP is always the Pod IP, if it is not going through the public network.
This answer DOES NOT ALWAYS apply when not using Podsubnet. In conclusion:
Podsubnet: Pod IP
Nodesubnet: cross VNet = node IP; within VNet = Pod IP
kubenet / Overlay: node IP
Also: AppGw is ingress. No egress.
Is there some way to handle this dynamic behavior?
Since StaticEgressGateway is not an option for you, you may want to check: https://learn.microsoft.com/en-us/azure/aks/http-proxy
But if your application does not support HTTP_PROXY, you can discard this approach.
Or set up a UDR + a virtual appliance (like Azure Firewall), but it is high cost, which I believe is not in your consideration.
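As an added example, not code from the question or the answer above: the HTTP proxy route only helps if the client can actually use the proxy, and Python's smtplib does not read HTTP_PROXY on its own. The script below shows how an SMTP client can reach the relay through the proxy with an HTTP CONNECT request, so the relay sees the proxy's egress address (which is what you would whitelist) instead of the changing pod or node IP. It assumes the proxy address arrives in the pod as the HTTP_PROXY/HTTPS_PROXY environment variable, that the proxy permits CONNECT to the relay port, and that the relay offers STARTTLS on that port; the relay name smtp.example.test and the in-process fake proxy are constructed for offline demonstration and are not part of any real deployment.

```python
"""Tunnel an SMTP session through an HTTP CONNECT proxy (e.g. the one the
AKS http-proxy feature hands to pods) so the relay sees the proxy's IP.
Assumed, not taken from the original answer: the proxy allows CONNECT to
the relay port and the relay speaks STARTTLS there."""
import os
import smtplib
import socket
import threading
from urllib.parse import urlparse


class ProxyConnectError(OSError):
    """The proxy refused, dropped or garbled the CONNECT request."""


def parse_connect_response(header_block: bytes) -> int:
    """Return the status code from a CONNECT reply such as
    b'HTTP/1.1 200 Connection established\\r\\n\\r\\n'."""
    status_line = header_block.split(b"\r\n", 1)[0]
    parts = status_line.split(b" ", 2)
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/") or not parts[1].isdigit():
        raise ProxyConnectError(f"malformed proxy status line: {status_line!r}")
    return int(parts[1])


def open_connect_tunnel(proxy_host, proxy_port, target_host, target_port, timeout=None):
    """Connect to the proxy, ask it to CONNECT to target, and return the socket
    positioned exactly at the first byte that comes from the target."""
    sock = socket.create_connection((proxy_host, proxy_port), timeout)
    try:
        request = (f"CONNECT {target_host}:{target_port} HTTP/1.1\r\n"
                   f"Host: {target_host}:{target_port}\r\n\r\n").encode("ascii")
        sock.sendall(request)
        # SMTP is server-speaks-first: the relay's "220" greeting can land in
        # the same TCP segment as the proxy's reply. Read one byte at a time so
        # we stop exactly at the end of the headers and leave the rest for smtplib.
        header = b""
        while not header.endswith(b"\r\n\r\n"):
            byte = sock.recv(1)
            if not byte:
                raise ProxyConnectError("proxy closed the connection during CONNECT")
            header += byte
            if len(header) > 16384:
                raise ProxyConnectError("proxy response headers too long")
        code = parse_connect_response(header)
        if not 200 <= code < 300:
            raise ProxyConnectError(
                f"proxy refused CONNECT to {target_host}:{target_port}: HTTP {code}")
        return sock
    except BaseException:
        sock.close()
        raise


class ProxiedSMTP(smtplib.SMTP):
    """smtplib.SMTP whose TCP connection is tunnelled through an HTTP proxy.
    Relies on the private _get_socket hook that SMTP.connect() calls in CPython."""

    def __init__(self, proxy_url, host="", port=0, **kwargs):
        parsed = urlparse(proxy_url)
        if parsed.scheme != "http" or not parsed.hostname:
            raise ValueError(f"unsupported proxy URL: {proxy_url!r}")
        self._proxy = (parsed.hostname, parsed.port or 3128)
        super().__init__(host, port, **kwargs)  # connects right away if host is given

    def _get_socket(self, host, port, timeout):
        return open_connect_tunnel(self._proxy[0], self._proxy[1], host, port, timeout)


def send_via_proxy(relay_host, relay_port, sender, recipients, message):
    """Send one message through the proxy named by the pod's environment."""
    proxy_url = os.environ.get("HTTPS_PROXY") or os.environ.get("HTTP_PROXY")
    if not proxy_url:
        raise RuntimeError("HTTP_PROXY/HTTPS_PROXY not set; is the AKS http-proxy feature on?")
    with ProxiedSMTP(proxy_url, relay_host, relay_port, timeout=30) as smtp:
        smtp.ehlo()
        smtp.starttls()  # TLS is end to end with the relay; the proxy only carries bytes
        smtp.ehlo()
        return smtp.sendmail(sender, recipients, message)


def start_fake_proxy(reply: bytes) -> int:
    """Constructed stand-in for the cluster proxy (offline demo only): accepts one
    connection, swallows the CONNECT headers, sends `reply`, then closes.
    Returns the listening port on 127.0.0.1."""
    listener = socket.create_server(("127.0.0.1", 0))
    port = listener.getsockname()[1]

    def serve():
        conn, _ = listener.accept()
        with conn, listener:
            seen = b""
            while not seen.endswith(b"\r\n\r\n"):
                chunk = conn.recv(4096)
                if not chunk:
                    return
                seen += chunk
            conn.sendall(reply)

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    # Proxy accepts, and the relay greeting arrives glued to the proxy reply.
    port = start_fake_proxy(b"HTTP/1.1 200 Connection established\r\n\r\n220 relay ready\r\n")
    tunnel = open_connect_tunnel("127.0.0.1", port, "smtp.example.test", 587, timeout=5)
    print("first bytes from the relay:", tunnel.recv(64))
    tunnel.close()
```

Whether this is worth doing depends on the proxy policy: many corporate proxies only allow CONNECT to 443, and a proxy that rejects port 587 or 25 surfaces here as a ProxyConnectError with the HTTP status it returned, which is the first thing to check when the relay never sees a connection.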